Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, February 6 • 15:50 - 17:20
DNSSEC deployment from server and client side

Sign up or log in to save this to your schedule and see who's attending!

DNSSEC has been here for some time. But what it means to deploy it on the server? What is needed to keep your domain secured? There are a lot of manual and semi-automated tasks administrators need to do. This is where FreeIPA steps in and makes the deployment and maintenance of DNSSEC signed zone easy as few clicks in Web UI. Once you deployed DNSSEC on the server side, there is still some work to have your clients secured, too. Especially when using public hot-spots and networks, you should use secured DNS to eliminate man-in-the-middle attacks.

In the lab we will briefly explain how DNSSEC works. Afterwards we will deploy a signed zone using only BIND and also BIND + FreeIPA combination. We will show how FreeIPA can ease your pain with DNSSEC deployment. In the end we will try out the DNSSEC from client side using dnssec-trigger and unbound server, to keep you secured at all times.

Note: We will need at least 2 hours (2,5 maybe)

Speakers
avatar for Tomas Hozza

Tomas Hozza

Senior Software Engineer, Red Hat
Tomas is a Software Engineer at Red Hat, mainly focused on DNS and userspace networking packages. Tomas is interested in DNSSEC, but also working on different projects like rebase-helper to help package maintainers with boring tasks.
PS

Petr Spacek

Petr is a Software Engineer at Red Hat, mainly focused on DNS and its integration to other systems. Petr’s goal is to make DNSSEC deployment as easy as running one command.


Friday February 6, 2015 15:50 - 17:20
Workshops – E105

Attendees (43)